CHALK ONE up for the security industry.

A bastardish piece of popular and problematic malware can be tricked into dropping its ransomware demands and freeing up your encrypted data.
This is quite exciting stuff. We thought that the only options were to pay up or scorch earth yourself, and not that you could pull the virtual wool over the swines’ eyes and get away scot-free.
Fortunately, security firm InfoArmor looked deeply into the Radamant RDM v2 ransomware variant (PDF) and found that it was easy to make a monkey out of.

This is not always the case, however, and hackers usually laugh all the way to and from your bank.
“In the past, tools were created by security researchers to help decrypt compromised files of several CryptoLockers. However, many users did not have the skills or knowledge to use them,” said the firm before introducing a punch to the gut.
“In addition, bad actors are continuously improving their cyber crime tools and kits that are regularly used in their personal cyber criminal activities. These bad actors are continually using exploit kits to deliver complex forms of ransomware, making these cyber crimes very profitable.
“InfoArmor has carried out significant research of the Radamant ransomware kit. This research has uncovered a specific method of attacking the Radamant C&C server that can potentially decrypt all of the victim’s files without any user interaction.
“The server is used to control all of the infected victims with a targeted vulnerability exploit that can initialise the decryption process without the bad actor’s knowledge. This method has been highly effective in helping thousands of infected victims while adversely affecting the earnings of cyber criminals.”
Of course, one does not merely walk into the C&C server of an opponent, and there is a process behind this keyboard-based alternative to bitcoin payment.
It was straightforward enough for InfoArmor.
“Under the right circumstances, the contents of the entire database can be retrieved and the ransomware can be manipulated to show as ‘paid’ on the infected computers. This will initialise the decryption procedure,” the firm said.
Individuals should tread carefully when they find themselves at the blunt end of such a threat. µ